Defensive Security Handbook, 2nd Edition

Book description

Despite the increase in high-profile hacks, record-breaking data leaks, and ransomware attacks, many organizations don't have the budget for an information security (InfoSec) program. If you're forced to protect yourself by improvising on the job, this pragmatic guide provides a security-101 handbook with steps, tools, processes, and ideas to help you drive maximum security improvement at little or no cost.

Each chapter in this book provides step-by-step instructions for dealing with issues such as breaches and disasters, compliance, network infrastructure, password management, vulnerability scanning, penetration testing, and more. Network engineers, system administrators, and security professionals will learn how to use frameworks, tools, and techniques to build and improve their cybersecurity programs.

This book will help you:

  • Plan and design incident response, disaster recovery, compliance, and physical security
  • Learn and apply basic penetration-testing concepts through purple teaming
  • Conduct vulnerability management using automated processes and tools
  • Use IDS, IPS, SOC, logging, and monitoring
  • Bolster Microsoft and Unix systems, network infrastructure, and password management
  • Use segmentation practices and designs to compartmentalize your network
  • Reduce exploitable errors by developing code securely

Table of contents

  1. Foreword to the First Edition
  2. Preface
    1. Our Goal
    2. Who This Book Is For
    3. Navigating the Book
    4. Conventions Used in This Book
    5. O’Reilly Online Learning
    6. How to Contact Us
    7. Acknowledgments
      1. Amanda
      2. Lee
      3. Bill
  3. 1. Creating a Security Program
    1. Laying the Groundwork
    2. Establishing Teams
    3. Determining Your Baseline Security Posture
    4. Assessing Threats and Risks
      1. Identify Scope, Assets, and Threats
      2. Assess Risk and Impact
      3. Mitigate
      4. Monitor
      5. Govern
    5. Prioritizing
    6. Creating Milestones
    7. Use Cases, Tabletops, and Drills
    8. Expanding Your Team and Skillsets
    9. Conclusion
  4. 2. Asset Management and Documentation
    1. What Is Asset Management?
    2. Documentation
    3. Establishing the Schema
      1. Data Storage Options
      2. Data Classification
      3. Understanding Your Inventory Schema
    4. Asset Management Implementation Steps
      1. Defining the Lifecycle
      2. Information Gathering
      3. Change Tracking
      4. Monitoring and Reporting
    5. Asset Management Guidelines
      1. Automate
      2. Establish a Single Source of Truth
      3. Organize a Company-wide Team
      4. Find Executive Champions
      5. Keep on Top of Software Licensing
    6. Conclusion
  5. 3. Policies
    1. Language
    2. Document Contents
    3. Topics
    4. Storage and Communication
    5. Conclusion
  6. 4. Standards and Procedures
    1. Standards
    2. Procedures
    3. Document Contents
    4. Conclusion
  7. 5. User Education
    1. Broken Processes
    2. Bridging the Gap
    3. Building Your Own Program
      1. Establish Objectives
      2. Establish Baselines
      3. Scope and Create Program Rules and Guidelines
      4. Provide Positive Reinforcement
      5. Define Incident Response Processes
    4. Obtaining Meaningful Metrics
      1. Measurements
      2. Tracking Success Rate and Progress
      3. Important Metrics
    5. Conclusion
  8. 6. Incident Response
    1. Processes
      1. Pre-Incident Processes
      2. Incident Processes
      3. Post-Incident Processes
    2. Tools and Technology
      1. Log Analysis
      2. EDR/XDR/MDR/All the “Rs”
      3. Disk and File Analysis
      4. Memory Analysis
      5. PCAP Analysis
      6. All-in-One Tools
    3. Conclusion
  9. 7. Disaster Recovery
    1. Setting Objectives
      1. Recovery Point Objective
      2. Recovery Time Objective
    2. Recovery Strategies
      1. Traditional Physical Backups
      2. Warm Standby
      3. High Availability
      4. Alternate System
      5. System Function Reassignment
    3. Cloud Native Disaster Recovery
    4. Dependencies
    5. Scenarios
    6. Invoking a Failover...and Back
    7. Testing
    8. Security Considerations
    9. Conclusion
  10. 8. Industry Compliance Standards and Frameworks
    1. Industry Compliance Standards
      1. Family Educational Rights and Privacy Act (FERPA)
      2. Gramm-Leach-Bliley Act (GLBA)
      3. Health Insurance Portability and Accountability Act (HIPAA)
      4. Payment Card Industry Data Security Standard (PCI DSS)
      5. Sarbanes-Oxley (SOX) Act
    2. Frameworks
      1. Center for Internet Security (CIS)
      2. Cloud Control Matrix (CCM)
      3. The Committee of Sponsoring Organizations of the Treadway Commission (COSO)
      4. Control Objectives for Information and Related Technologies (COBIT)
      5. ISO-27000 Series
      6. MITRE ATT&CK
      7. NIST Cybersecurity Framework (CSF)
    3. Regulated Industries
      1. Financial
      2. Government
      3. Healthcare
    4. Conclusion
  11. 9. Physical Security
    1. Physical
      1. Restrict Access
      2. Video Surveillance
      3. Authentication Maintenance
      4. Secure Media
      5. Datacenters
    2. Operational Aspects
      1. Identifying Visitors and Contractors
      2. Physical Security Training
    3. Conclusion
  12. 10. Microsoft Windows Infrastructure
    1. Quick Wins
      1. Upgrade
      2. Third-Party Patches
      3. Open Shares
    2. Active Directory Domain Services
      1. Forests
      2. Domains
      3. Domain Controllers
      4. Organizational Units
      5. Groups
      6. Accounts
    3. Group Policy Objects (GPOs)
    4. Conclusion
  13. 11. Unix Application Servers
    1. Keeping Up-to-Date
      1. Third-Party Software Updates
      2. Core Operating System Updates
    2. Hardening a Unix Application Server
      1. Disable Services
      2. Set File Permissions
      3. Use Host-Based Firewalls
      4. Manage File Integrity
      5. Configure Separate Disk Partitions
      6. Use chroot
      7. Set Up Mandatory Access Control
    3. Conclusion
  14. 12. Endpoints
    1. Keeping Up-to-Date
      1. Microsoft Windows
      2. macOS
      3. Unix Desktops
      4. Third-Party Updates
    2. Hardening Endpoints
      1. Disable Services
      2. Use Desktop Firewalls
      3. Implement Full-Disk Encryption
      4. Use Endpoint Protection Tools
    3. Mobile Device Management
    4. Endpoint Visibility
    5. Centralization
    6. Conclusion
  15. 13. Databases
    1. Introduction to Databases and Their Importance in Information Security
      1. Database Implementations
      2. Common Database Management Systems
      3. A Real-World Case Study: The Marriott Breach
    2. Database Security Threats and Vulnerabilities
      1. Unauthorized Access
      2. SQL Injection
      3. Data Leakage
      4. Insider Threats
      5. Defense Evasion
    3. Database Security Best Practices
      1. Data Encryption
      2. Authentication and Authorization Mechanisms
      3. Secure Database Configuration and Hardening
      4. Database Management in the Cloud
      5. Hands-on Exercise: Implementing Encryption in a MySQL Database (Operation Lockdown)
    4. Conclusion
  16. 14. Cloud Infrastructure
    1. Types of Cloud Services and Their Security Implications
      1. Software as a Service (SaaS)
      2. Platform as a Service (PaaS)
      3. Infrastructure as a Service (IaaS)
      4. The Shared Responsibility Model
    2. Common Cloud Security Mistakes and How to Avoid Them
      1. Misconfigurations
      2. Inadequate Credential and Secrets Management
      3. Overpermissioned Cloud Resources
      4. Poor Security Hygiene
      5. Failing to Understand the Shared Responsibility Model
    3. Cloud Security Best Practices
      1. Start with Secure Architectural Patterns
      2. Properly Manage Secrets
      3. Embrace Well-Architected Frameworks
      4. Continue Following Security Best Practices
    4. Exercise: Gaining Security Visibility into an AWS Environment
      1. Configure an SNS Email Notification
      2. Enable GuardDuty
      3. Set Up EventBridge to Route Alerts to Email
      4. Testing
    5. Conclusion
  17. 15. Authentication
    1. Identity and Access Management
    2. Passwords
      1. Password Basics
      2. Encryption, Hashing, and Salting
      3. Password Management
      4. Additional Password Security
    3. Common Authentication Protocols
      1. NTLM
      2. Kerberos
      3. LDAP
      4. RADIUS
      5. Differences Between Protocols
      6. Protocol Security
      7. Choosing the Best Protocol for Your Organization
    4. Multi-Factor Authentication
      1. MFA Weaknesses
      2. Where It Should Be Implemented
    5. Conclusion
  18. 16. Secure Network Infrastructure
    1. Device Hardening
      1. Firmware/Software Patching
      2. Services
      3. SNMP
      4. Encrypted Protocols
      5. Management Network
    2. Hardware Devices
      1. Bastion Hosts
      2. Routers
      3. Switches
      4. Wireless Devices
    3. Design
      1. Egress Filtering
      2. IPv6: A Cautionary Note
      3. TACACS+
    4. Networking Attacks
      1. ARP Cache Poisoning and MAC Spoofing
      2. DDoS Amplification
      3. VPN Attacks
      4. Wireless
    5. Conclusion
  19. 17. Segmentation
    1. Network Segmentation
      1. Physical
      2. Logical
      3. Physical and Logical Network Example
      4. Software-Defined Networking
    2. Application Segmentation
    3. Segmentation of Roles and Responsibilities
    4. Conclusion
  20. 18. Vulnerability Management
    1. Authenticated Versus Unauthenticated Scans
    2. Vulnerability Assessment Tools
    3. Open Source Tools
    4. Vulnerability Management Program
      1. Program Initialization
      2. Business as Usual
    5. Remediation Prioritization
    6. Risk Acceptance
    7. Conclusion
  21. 19. Development
    1. Language Selection
      1. Assembly
      2. C and C++
      3. Go
      4. Rust
      5. Python/Ruby/Perl
      6. PHP
    2. Secure Coding Guidelines
    3. Testing
      1. Automated Static Testing
      2. Automated Dynamic Testing
      3. Peer Review
    4. Software Development Lifecycle
    5. Conclusion
  22. 20. OSINT and Purple Teaming
    1. Open Source Intelligence
      1. Types of Information and Access
      2. Modern OSINT Tools
    2. Purple Teaming
      1. A Purple Teaming Example
    3. Conclusion
  23. 21. Understanding IDSs and IPSs
    1. Role in Information Security
    2. Exploring IDS and IPS Types
      1. Network-Based IDSs
      2. Host-Based IDSs
      3. IPSs
      4. NGFWs
    3. IDSs and IPSs in the Cloud
      1. AWS
      2. Azure
      3. GCP
    4. Working with IDSs and IPSs
      1. Managing False Positives
      2. Writing Your Own Signatures
    5. IDS/IPS Positioning
    6. Encrypted Protocols
    7. Conclusion
  24. 22. Logging and Monitoring
    1. Security Information and Event Management
      1. Why Use a SIEM
      2. Scope of Coverage
      3. Designing the SIEM
    2. Log Analysis and Enrichment
      1. Sysmon
      2. Group Policy
    3. Alert Examples and Log Sources to Focus On
      1. Authentication Systems
      2. Application Logs
      3. Cloud Services
      4. Databases
      5. DNS
      6. Endpoint Protection Solutions
      7. IDSs/IPSs
      8. Operating Systems
      9. Proxy and Firewall Logs
      10. User Accounts, Groups, and Permissions
    4. Testing and Continuing Configuration
    5. Aligning with Detection Frameworks, Compliance Mandates, and Use Cases
      1. MITRE ATT&CK
      2. Sigma
      3. Compliance
      4. Use Case Analysis
    6. Conclusion
  25. 23. The Extra Mile
    1. Email Servers
    2. DNS Servers
    3. Security Through Obscurity
    4. Useful Resources
      1. Books
      2. Blogs
      3. Podcasts
      4. Websites
  26. Appendix. User Education Templates
    1. Live Phishing Education Slides
      1. You’ve Been Hacked!
      2. What Just Happened, and Why?
      3. Social Engineering 101(0101)
      4. So It’s OK That You Were Exploited (This Time)
      5. No Blame, No Shames, Just...
      6. A Few Strategies for Next Time
      7. Because There Will Be a Next Time
      8. If Something Feels Funny
      9. If Something Looks Funny
      10. If Something Sounds Funny
      11. Feels, Looks, or Sounds Funny—Call the IT Help Desk
      12. What If I Already Clicked the Link or Opened the Attachment?
      13. What If I Didn’t Click the Link or Attachment?
      14. Your IT Team Is Here for You!
    2. Phishing Program Rules
  27. Index
  28. About the Authors

Product information

  • Title: Defensive Security Handbook, 2nd Edition
  • Author(s): Lee Brotherston, Amanda Berlin, William F. Reyor
  • Release date: June 2024
  • Publisher(s): O'Reilly Media, Inc.
  • ISBN: 9781098127244